ISV Startups: Go Viral Without Spreading Malware

One of the quickest ways for a potentially great software idea to tank is by allowing it to be bundled with deceptive software that unleashes unwanted — and potentially harmful — results.

So, you’ve turned your big software idea into reality, and it’s ready to go. Now what? How do you get it into the hands of as many prospects as possible, so they can try it and buy it? Lots of software developers use app installation platforms to increase their distribution.

The problem is many of these sites bundle additional free software with your software to help drive up their overall download performance (and profit margins). The term for this practice has been coined unwanted software, abbreviated UwS (pronounced “ooze”). According to research from Google, people bump into 60 million browser warnings for download attempts of unwanted software at unsafe webpages every week.

Google monitored the offers bundled by four of the largest pay-per-install affiliate networks on a daily basis for more than a year, collecting 446,000 offers related to 843 unique software packages. The most commonly bundled software included unwanted ad injectors, browser settings hijackers and scareware purporting to fix urgent issues with a victim’s machine for $30 to $40.

“Over the past six years, we’ve seen a lot of software released that’s infested with malware that damages Windows desktops,” says Joel Diamond, CEO and cofounder of AppVisor LLC, a company that creates and manages software distribution across 8,000+ websites worldwide. He’s also the founder of WUGNET (Windows User Group Network) and VP of the Association of Software Professionals (ASP).

“If a consumer or small business owner picks up a malware infection from a popular app installation platform, you can be assured they’ll never use that platform – or that software – again. It’s not unrealistic that an incident like this could put a software startup out of business overnight.”

Smart Ways to Protect Yourself from Unwanted Software Bundles

As someone who’s been involved in software development and distribution for more than 20 years, Diamond highly recommends ISVs familiarize themselves — and register with — the Clean Software Alliance (CSA), a nonprofit comprising antimalware vendors, software distribution and monetization firms and major software platforms. CSA’s mission is to codify and operationalize industry best practices through guidelines, policies and technology tools that balance the software industry’s needs while preserving customer choice and customer control.

The next step Diamond suggests is registering your company and your product at AppEsteem, an industry self-regulatory group that’s affiliated with the CSA and makes sure software companies are distributing products that are safe and clean for consumers to use. Here’s a few important highlights about AppEsteem:

  1. AppEsteem will evaluate your app at no cost. If it meets their requirements, they’ll issue you a certification and inform the security companies that you’re compliant.
  2. Software vendors that commit to following the group’s requirements can register their apps and receive early notificationif AppEsteem finds violations that would land the app on the group’s Deceptor page, so they can address any issues right away and mitigate any reputation damage.
  3. Here’s a link to AppEsteem’s checklist page, which provides prescriptive guidanceand shows examples to help software developers prepare for certification.

Compared to the investment required to design a great app, it’s a relatively small extra step to protect your investment with AppEsteem certification, says Diamond. “There are literally hundreds of thousands of apps consumers and businesses have to choose from. Software developers who show they’re serious about keeping their software clean and compliant stand out from the masses – especially among those who’ve experienced the frustrations and harm of malware.”  

Datacap Systems